forked from extern/shorewall_code
Fix 'all' in the SOURCE of DNAT- rules
This commit is contained in:
parent
2aecb9ac12
commit
3e0a55f072
Shorewall
@ -1453,7 +1453,7 @@ sub process_rule ( $$$$$$$$$$$$ ) {
|
||||
}
|
||||
} else {
|
||||
my $destzone = (split( /:/, $dest, 2 ) )[0];
|
||||
$destzone = firewall_zone unless defined_zone( $destzone ); # We do this to allow 'REDIRECT all ...'; process_rule1 will catch the case where the dest zone is invalid
|
||||
$destzone = $action =~ /^REDIRECT/ ? firewall_zone : '' unless defined_zone $destzone;
|
||||
if ( $intrazone || ( $zone ne $destzone ) ) {
|
||||
process_rule1 $target, $zone, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, 1;
|
||||
}
|
||||
|
@ -8,7 +8,10 @@ Changes in Shorewall 4.3.10
|
||||
|
||||
4) Fix handling of class IDs.
|
||||
|
||||
5) Deprecate use of an interface in the SOURCE column of /etc/shorewall/masq.
|
||||
5) Deprecate use of an interface in the SOURCE column of
|
||||
/etc/shorewall/masq.
|
||||
|
||||
6) Fix handling of 'all' in the SOURCE of DNAT- rules.
|
||||
|
||||
Changes in Shorewall 4.3.9
|
||||
|
||||
|
@ -85,6 +85,10 @@ released late in 2009.
|
||||
the correct sequence was "...8,9,a,b,...". Shorewall now treats
|
||||
class IDs as hex, like 'tc' and 'iptables' do.
|
||||
|
||||
3. Previously, when 'all' appeared in the SOURCE column of a DNAT-
|
||||
rule, no rule was generated to redirect output from the firewall
|
||||
itself.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
K N O W N P R O B L E M S R E M A I N I N G
|
||||
----------------------------------------------------------------------------
|
||||
|
Loading…
Reference in New Issue
Block a user